Authentication with REST API should issue both an access token and a refresh token. Refresh tokens should have a long expiration and there should be an endpoint you can submit the refresh token to get a new access token.
When requesting an access token, the client should also get the precise expiration date for it, so he can know when to refresh.
Authentication with REST API should issue both an access token and a refresh token. Refresh tokens should have a long expiration and there should be an endpoint you can submit the refresh token to get a new access token.
When requesting an access token, the client should also get the precise expiration date for it, so he can know when to refresh.